By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

patches Wednesday for many popular versions of desktop and business applications.

The most critical vulnerability is titled "Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution" (MS 03037). Microsoft provided few details about the actual vulnerability, but says the flaw is dangerous and users of affected software should apply patches immediate.

Affected software includes Access (97/2000/2002), Excel (97/2000/2002), PowerPoint (97/2000/2002), Project (2000/2002), Publisher 2002, Visio (2000/2002), Word (97/98(J)/2000/2002), Works Suite (2001/2002/2003) and several versions of Microsoft Business solutions. Microsoft cautions users to check the patch before installing, since there are different patches for each application.

Also affecting popular word processing applications are two important vulnerability advisories: "Flaw in Word Could Enable Macros to Run Automatically" (MS 03035) and "Buffer Overrun in WordPerfect Converter Could Allow Code Execution" (MS 03036).

Microsoft is advising users to patch affected software immediately to prevent exploitation of a macro virus targeting vulnerable versions of the popular word processor. Affected versions include: Word 97/98(J)/2000/2002 and Works Suite 2001/2002/2003.

The WordPerfect converter flaw is equally important, since it could allow an attacker to run code on a target system. Affected software includes Office (97/2000/XP), Word 98(J), FrontPage 2002, Publisher 2000 and Works Suite (2001/2002/2003).

A second buffer overflow vulnerability is affecting version of the Access database solution. "Unchecked Buffer Overflow in Microsoft Access Snapshot Viewer Could Allow Code Execution" (MS 03038) is rated as a moderate vulnerability that affects Access (97/2002/2002) and the downloadable Access Snapshot Viewer. A patch is available.

Microsoft's operating system didn't escape this round of security problems. "Flaw in NetBIOS Could Lead to Information Disclosure" (MS 03034) is rated as a low priority, but it could cause some serious security problems.

Under certain conditions, a NetBT query used to pass datagrams between networked devices will return not only machine address information, but pieces of data from the target machine's memory. The data leakage is completely random, but an attacker could use a series of queries to capture critical information. A patch is available, but Microsoft also recommends closing port 137 to prevent exploitation from the Internet.

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy